The organisation would need to establish a Sarbanes-Oxley (SOX) compliance programme, required of all public companies, with a focus on remediating the deficiencies created by the material weaknesses. It would also need to transform its technology systems, particularly within the finance function. And it would need an effective data strategy that would enable it to effectively integrate data from the acquired companies, creating a single source of truth for effective decision making.
The company engaged Protiviti to assist it with preparations for SOX compliance, finance transformation through system implementations and process redesign, and development of an organisational data strategy. Protiviti would serve as a trusted advisor, providing the right expertise, resources and solutions to address the big picture goals the company wanted to achieve.
Sorting through SOX requirements to achieve compliance
Given the highly regulated nature of the insurance industry, establishing a SOX compliance programme scope and project plan, along with creating an internal audit function, was critical. The company collaborated with Protiviti and their external auditor to conduct remediation workshops over high-risk areas. The team tested operating effectiveness and assessed control design performance via walkthroughs, and addressed remediation efforts, internal control design and improvement opportunities.
As a result of these efforts, the organisation gained substantial benefits, including:
- Development of SOX planning and risk assessment tools and facilitation of training programmes
- Implementation of overall SOX programme management, including scope and coordination with external auditors
- Creation of a detailed project plan to manage timeline, material weakness remediation efforts and resources
- Documentation of control design and operating effectiveness, including flow charts, process narratives, risk and control matrices, and test plans
Transforming the finance function
As the company progressed its growth strategy, its leadership wanted to mature the organisation’s highly manual processes and capabilities, with a focus on transforming the finance function. They approached the challenge with a mindset of scalability, knowing they needed to grow their technology and capabilities and implement the right technology to support automation and integration now while scaling for aggressive growth in the future.
Working in partnership with Protiviti, leadership identified several critical areas for improvement and a roadmap to address them. These areas included the control environment, policies and procedures, complex transactions and IT general controls (ITGCs). Through interviews and workshops with finance and operational stakeholders, Protiviti and company leadership analysed key processes to identify discrepancies between business requirements and available software functionality.
The team designed a target operating model and identified the optimal “fit for purpose” solutions, setting the stage for successful systems implementations. Multiple business finance processes were addressed, including accounts payable, fixed assets, financial reporting, reconciliations and financial close management, human capital management and access management. The organisation achieved several benefits from this process, including:
- Successful implementation of point solutions to support key business transformation objectives, including NetSuite ERP, Blackline for end-to-end record-to-reporting, Okta for access management, and Workday for human resources and RP&A
- Readiness to go through the implementation process based on the Phase Zero solution design approach that included developing process maps and creating a shared-risk/shared-gain relationship between technology and the business
- Process efficiencies (e.g., financial close), as well as the ability to remediate audit and control deficiencies related to SOX compliance
By focusing on the right technology solutions to meet the company’s requirements over the next three to five years, the organisation was able to get the greatest benefit without overinvesting in technology that exceeded their needs. This strategy enables the company to be scalable and react to its needs as its technology requirements grow.